From owner-freebsd-arch@FreeBSD.ORG  Thu Dec 29 18:04:41 2011
Return-Path: <owner-freebsd-arch@FreeBSD.ORG>
Delivered-To: arch@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id B9CC4106566B;
	Thu, 29 Dec 2011 18:04:41 +0000 (UTC) (envelope-from des@des.no)
Received: from smtp.des.no (smtp.des.no [194.63.250.102])
	by mx1.freebsd.org (Postfix) with ESMTP id 4A5FC8FC13;
	Thu, 29 Dec 2011 18:04:41 +0000 (UTC)
Received: from ds4.des.no (des.no [84.49.246.2])
	by smtp.des.no (Postfix) with ESMTP id 086C56F42;
	Thu, 29 Dec 2011 18:04:34 +0000 (UTC)
Received: by ds4.des.no (Postfix, from userid 1001)
	id F349E877C; Thu, 29 Dec 2011 19:04:33 +0100 (CET)
From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@des.no>
To: Xin LI <delphij@gmail.com>
References: <20111229084308.GD50300@deviant.kiev.zoral.com.ua>
	<CAGMYy3u6v-Ypo_wJEqWWGgGUjoTr=Ctx6tn6VV4fWM4nTYonrQ@mail.gmail.com>
Date: Thu, 29 Dec 2011 19:04:33 +0100
In-Reply-To: <CAGMYy3u6v-Ypo_wJEqWWGgGUjoTr=Ctx6tn6VV4fWM4nTYonrQ@mail.gmail.com>
	(Xin LI's message of "Thu, 29 Dec 2011 03:15:09 -0800")
Message-ID: <86fwg3ntji.fsf@ds4.des.no>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.3 (berkeley-unix)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Cc: Kostik Belousov <kostikbel@gmail.com>, arch@freebsd.org, kan@freebsd.org
Subject: Re: fdlopen(3)
X-BeenThere: freebsd-arch@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Discussion related to FreeBSD architecture <freebsd-arch.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-arch>,
	<mailto:freebsd-arch-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-arch>
List-Post: <mailto:freebsd-arch@freebsd.org>
List-Help: <mailto:freebsd-arch-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-arch>,
	<mailto:freebsd-arch-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Dec 2011 18:04:41 -0000

Xin LI <delphij@gmail.com> writes:
> Will this prevent e.g. writes to the .so file after open, but before
> fdlopen()?

The latest version of OpenPAM checks the ownership and permissions of
modules before it loads them; it will not load modules that are writable
by anyone except root and the process's euid.  This patch prevents an
attacker from switching the .so file between the ownership checks and the
dlopen(3) call.

DES
--=20
Dag-Erling Sm=C3=B8rgrav - des@des.no